Apple's fight with the FBI is a lot messier than it looks

In an email to employees, Apple CEO Tim Cook said the company "would gladly participate" in discussions with law enforcement about the implications of encryption.

The main question being asked about Apple's ongoing standoff with the FBI is whether the company should break its own encryption to unlock San Bernardino terror suspect Syed Farook's iPhone.

Apple CEO Tim Cook has called the request "an unprecedented step which threatens the security of our customers." FBI director James Comey has said that it's not about setting any kind of precedent, but seeking justice for the victims of the tragic shooting that left 14 people dead and 22 others injured.

But as more details about the case have been revealed over the last several days, it's become clear that at least two potentially negligent decisions were made by government officials regarding Farook's iPhone before and after the shooting in December.

San Bernardino County could have remotely unlocked the iPhone if it had been under mobile device management

It's important to note that the iPhone Apple is being asked to create a back door into is an iPhone 5c owned and issued by the San Bernardino County Department of Public Health, which employed Farook.

Mobile device management (MDM) is commonly used in the enterprise world for employers to set up, manage, and monitor smartphones issued to employees. When a phone is set up with MDM, the IT department that issued it can control everything from the kinds of apps it downloads to the level of encryption it uses when accessing the internet, emails, and other sensitive data.

Another important feature of MDM is the ability to remotely unlock a phone without the employee's help.

That feature would have been particularly helpful in the case of Farook's iPhone.

While San Bernardino County is currently testing MDM software for its employees, the department Farook belonged to "opted not to participate in the test," county spokesman David Wert told Tech Insider.

"Until this incident, neither the county nor anyone else has ever had any interest in or use for data stored on a county-owned iPhone that can't be accessed through other means, mostly from information provided by the carrier," Wert said.

He added that the MDM program used by the county, MobileIron, can easily be evaded by an employee deleting an app and user profile from his or her iPhone. Reuters was first to report about San Bernardino County's use of MDM software on February 19 and also confirmed that it could have been used to unlock Farook's iPhone passcode.

While it would have been easy for Farook to disable MobileIron's software and go rogue, doing so would have alerted his department, Wert confirmed. "But a user who is up to no good is not likely to make returning the device to the county to have it brought back into compliance a high priority," he said.

The government resetting the iCloud password made it impossible to get a recent iCloud backup

You may have seen recent headlines that say Apple has helped law enforcement hack iPhones dozens of times in the past. That is only partially true.

Apple has given law enforcement access to iCloud backups and other unencrypted account data it stores on its servers. It has never created a modified version of its operating system to hack the iPhone's passcode, which is what the FBI is asking it to do for Farook's iPhone.

It is Apple's refusal to create this tool, or back door, that's caused such an uproar. Apple CEO Tim Cook has argued that doing so would create a "master key" that could be used to forcibly unlock any iPhone the government wants physical access to. Such a key would likely fall into the hands of other governments and hackers if it was ever created, Apple has said.

Tashfeen Malik and Syed Farook killed 14 people at a holiday party before dying in a shootout with police.

Back to Farook's iCloud account. In a motion last Friday compelling Apple to cooperate with the investigation, the FBI revealed that the iCloud password associated with Farook's iPhone had been reset by county officials "in the hours after the attack."

San Bernardino County confirmed that it was able to reset the password because Farook's work email was used for his iCloud account.

It's unclear what county officials thought would happen when they reset Farook's iCloud password. The FBI has said the reset was "an attempt to gain access to some information."

Resetting the password tied to an Apple ID prevents the iPhone from performing an iCloud backup until the new password has been entered into the device.

Farook's iPhone had not been backed up to iCloud for six weeks, and Apple provided law enforcement with the six-week-old backup under warrant as it has for similar requests from the government, Apple executives said during a call with reporters on Friday.

If the iCloud password hadn't been reset, law enforcement could have connected the iPhone to a known WiFi network to see if the device performed an auto-backup to iCloud. Apple could have even upgraded the storage limit for Farook's iCloud account if he had run out of storage.

But by resetting the iCloud password, that avenue of investigation was closed.

Now the only way to access the iPhone is by cracking its 4-digit PIN

Because Farook's iPhone was not under MDM and was cut off from backing up to iCloud, the FBI has no other choice but to brute-force the iPhone's 4-digit PIN.

San Bernardino County confirmed that it "requires all iPhones and iPads that connect to the county network to have the four-digit entry PIN activated and to erase the device's data if 10 incorrect PINs are entered."

That means without Apple or a third party like John McAfee's help circumventing the iPhone's security, the FBI has 10 guesses before Farook's data self-destructs. The FBI is asking Apple to help so it can have the freedom to try as many passcode combinations as it wants in order to access the phone.

The big questions

The FBI might not be in this situation if it hadn't asked for the iCloud password to be reset. Or if San Bernardino County had put all of its employees on mobile device management. So the big questions are: Why did the FBI ask to reset the password? Did it do so to force Apple's hand and finally get the so-called back door to the iPhone law enforcement desperately wants? Or is this pure negligence on law enforcement's part?